<?php

/*
 * This file will perform the ajax for editing a security group.
 * This is being used by admSecGroupEdit.php.
 * 
 * Created by: Peter Agno Jr.
 * Date created: December 5, 2011
 * 
 * In parameters: securityGroupId, securityGroupName, and permIds
 * Out parameters: flag and msg about the success of editing of security group
 */

//********************************************************************************************************
/*
 * Define the functions in here
 */

    // Start - Check if security group has no data in Dept_Pos_SecurityGroup
    function noDeptPosSecGrp($securityGroupId) {
        $query = 
        "
            SELECT * 
            FROM Dept_Pos_SecurityGroup 
            WHERE securityGroupId = '$securityGroupId'
        ";
        
        $result = mysql_query($query) or die ('Error in query: $query. ' . mysql_error());
        
        if ( mysql_fetch_array($result) == 0 ) {
            return true;
        }
        else {
            return false;
        }
    } // End - Check if security group has data in Dept_Pos_SecurityGroup
    
    // Start - Edit data in SecurityGroup
    function editSecGrp($securityGroupId, $securityGroupName){
        $query =
            "
                UPDATE SecurityGroup 
                SET securityGroupName = '$securityGroupName'
                WHERE securityGroupId = '$securityGroupId';
            ";

        mysql_query($query) or die ('Error in query: $query. ' . mysql_error());
    } // End - Edit data in SecurityGroup
    
    // Start - Check there is data already in SecurityGroup_Permission
    function noDataSecGrpPerm($securityGroupId, $permissionId) {        
        $query = 
        "
            SELECT *
            FROM SecurityGroup_Permission         
            WHERE securityGroupId = '$securityGroupId' AND permissionId = '$permissionId'
        ";
        
        $result = mysql_query($query) or die ('Error in query: $query. ' . mysql_error());
        
        if ( mysql_fetch_array($result) == 0 ) {
            return true;
        }
        else {
            return false;
        }
    } // End - Check there is data already in SecurityGroup_Permission
    
    // Start - Edit data in SecurityGroup_Permission
    function editPerm($securityGroupId, $permIds) {
        $permIds = explode(",", $permIds);
        
        // Insert data in SecurityGroup_Permission
        for ( $x = 0 ; $x < count($permIds) - 1 ; $x++ ) {
            if ( noDataSecGrpPerm($securityGroupId, $permIds[$x]) == true ) {
                $query =
                "
                    INSERT INTO SecurityGroup_Permission (securityGroupId, permissionId) VALUES
                        ('$securityGroupId', '$permIds[$x]');
                ";

                mysql_query($query) or die ('Error in query: $query. ' . mysql_error());
            }
        }
        
        // Start - Delete data that were removed
        $permQuery = 
        "
            SELECT *
            FROM SecurityGroup_Permission         
            WHERE securityGroupId = '$securityGroupId'
        ";
        
        $permResult = mysql_query($permQuery) or die ('Error in query: $permQuery. ' . mysql_error());
        
        while ( $permRow = mysql_fetch_array($permResult) ) {
            $queryPermId = $permRow['permissionId'];
            
            if ( !in_array($queryPermId, $permIds) ) {
                $query =
                "
                    DELETE FROM SecurityGroup_Permission 
                    WHERE securityGroupId = '$securityGroupId' AND permissionId = '$queryPermId';
                ";

                mysql_query($query) or die ('Error in query: $query. ' . mysql_error());
            }
        }
    } // End - Edit data in SecurityGroup_Permission
    
//********************************************************************************************************

session_start();

// Start - Checker for those users who will just go to the page by typing directly in the url.
if ($_POST) {
    include('../includes/siteConfig.php');
    
    // connect to database
    $connect = mysql_connect($hostName,$rootName,$dBasePassword) or die ('Unable to connect!');
    mysql_select_db($dBaseName) or die ('Unable to select database!');
    
    // Get the data from post
    $securityGroupId = $_POST['securityGroupId'];
    $securityGroupName = $_POST['securityGroupName'];
    $permIds = $_POST['permIds'];
    
    if ( noDeptPosSecGrp($securityGroupId) == true ) {
        // Show Edit and Delete button if the security group has:
        // - No Dept_Pos_SecurityGroup
        editSecGrp($securityGroupId, $securityGroupName);
        editPerm($securityGroupId, $permIds);

        $jsondata = array();
        $jsondata['msg'] = "You have successfully updated security group ".$securityGroupName." (".$securityGroupId.").";
        $jsondata['flag'] = "success";
        $feed[] = $jsondata;
        echo json_encode($feed);
    }
    else {
        $jsondata = array();
        $jsondata['msg'] = "Error : Ajax in editing the security groups was not successful.";
        $jsondata['flag'] = "error";
        $feed[] = $jsondata;
        echo json_encode($feed);
    }
    
    mysql_close($connect);
}   // End - Checker for those users who will just go to the page by typing directly in the url.
else {
    echo "You are not authorized to view this page. This incident will be reported immediately.";
}
?>
